I'm using stunnel 4.26 in a Windows environment to encrypt database traffic between a web server and an Oracle database. In general it works, but I've got a couple of weird issues and I was wondering if somebody would know the answer to them.

So I have a web server machine where I run stunnel in client mode, with connection parameters like

[SOME NAME]
Accept = 12001
Connect = 192.168.0.44:12486

On the server end, I run stunnel in server mode with connection parameters like

[Oracle DB]
accept = 12486
connect = 127.0.0.1:1521

Question #1. As I understand it, stunnel will not establish a connection between client and server until another process connects to the stunnel client on 12001. Is that true? It seems to be this way, judging by what Wireshark shows, but I want to confirm that.

Question #2. The server end is down for some reason: either Oracle is no longer listening on 1521, or stunnel-server is shut down and nobody is listening on 12486. Stunnel-client will still accept connections on 12001 successfully. Is there an easy way to recognize that the server end is down? I was thinking that stunnel-client would try to open a connection to stunnel-server and only if everything is fine would it accept the connection on 12001. But it looks like it does not work this way. Is there a way to force it somehow to tell the application that the server end is down?
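
A probe for the situation in Question #2, added here as an example and not part of the original post: it connects to the local stunnel accept port and reports whether that connection is dropped straight away. It assumes that stunnel closes the already accepted local connection when it cannot reach the far end, and that the Oracle listener sends nothing until the client speaks; `probe_tunnel` and `fake_stunnel` are hypothetical names, and `fake_stunnel` is a constructed stand-in so the block runs without stunnel.

```python
import socket
import threading

def probe_tunnel(host, port, wait=2.0):
    """Return 'up', 'down' or 'no-listener' for a local stunnel accept port.

    Assumption: when stunnel cannot reach the far end it closes the
    connection it already accepted, so an early EOF or reset means 'down'.
    """
    try:
        s = socket.create_connection((host, port), timeout=wait)
    except OSError:
        return "no-listener"        # nothing is accepting on the local port
    with s:
        s.settimeout(wait)
        try:
            data = s.recv(1)        # the database side is not expected to speak first
        except socket.timeout:
            return "up"             # connection still open after `wait` seconds
        except OSError:
            return "down"           # connection reset by the local end
        return "down" if data == b"" else "up"   # b"" is an orderly close

def fake_stunnel(hold):
    """Constructed stand-in for a stunnel accept port; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []                       # keep accepted sockets referenced (open)
    def serve():
        while True:
            conn, _ = srv.accept()
            if hold:
                held.append(conn)   # far end reachable: tunnel stays open
            else:
                conn.close()        # far end unreachable: dropped after accept
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_tunnel("127.0.0.1", fake_stunnel(hold=True), wait=0.5))
    print(probe_tunnel("127.0.0.1", fake_stunnel(hold=False), wait=0.5))
```

`wait` has to be longer than the time stunnel needs to attempt the remote connection and TLS handshake, and an "up" result only means the tunnel was not dropped within that window.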